Microsoft has disabled the ms-appinstaller protocol to prevent malware from spreading. It is used by Microsoft App Installer in Windows 10 and Windows 11. The reason behind this move is active abusing of the protocol by attackers to distribute malware such as Emotet and BazarLoader. Actually, Microsoft disabled the protocol last year, but issued the official statement about it only now.
The ms-appinstaller protocol allows users to install various applications by clicking on a link on a website without first downloading the MSIX file to local media. The discovered vulnerability CVE-2021-43890 allows attackers to represent malware as a program of a well-known brand. So that an inexperienced user can easily allow installation of this package on their device.
Microsoft is currently testing the protocol extensively to ensure that re-enabling the feature does not lead to new security issues. The company also understands that this protocol is very important for corporate customers. Microsoft may also add a group policy that allows manually enabling the protocol. There may be some advanced options to monitor usage of the ms-appinstaller feature.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options: